fbpx Skip to main content

ISAE 3402 statement

Our customers should be able to fully rely on our software and services. To ensure this, an annual audit takes place by an independent IT audit organisation to review if Blue10 is meeting the objectives of ISAE 3402.

ISAE 3402 deals with assurance engagements that are performed at third-party providers, the so-called service organisations. This is done to provide recipients of services and their accountant with reasonable assurance about the internal controls of the service organisation. The scope of the assessment is limited to processes and control measures, to the extent relevant for the financial statement audit of the service recipient entity.

The ISAE 3402 Assurance Report is carried out annually, by means of an audit by an independent party. This Assurance Report is based on the general Assurance Guideline 3000.
2-Control, an IT audit party with certified IT auditors, has reviewed our processes according to this standard.

Blue10 has completed the ISAE 3402 audit for financial year 2021 and received the corresponding statement, in which 2-Control has issued an ISAE 3402 type 2 report. The 2-Control report gives existing and potential Blue10 customers insight into the quality of the IT services we offer to our users.

Scope of the ISAE 3402 Type Assurance report

The scope of the ISAE 3402 report includes the systems, operational activities and service of Blue10 and the supporting services regarding Blue10 that will be further described and elaborated in this report.

  • The statement provides a certain degree of certainty as to:
  • The true and fair view of a description of the system;
  • The suitability of the design of the control measures;
  • The suitability of the effective operation of the control measures.
  • The statement is limited to criteria for Security, Availability and Process Integrity.

The scope of the investigation is limited to processes and control measures, to the extent relevant for the financial statement audit of the service recipient entity.

When will the 2022 report be available?

The next report will be the report for the year 2022. In order to make a complete report, the year 2022 must have ended. Because the audit with our IT auditor may take some time, it is expected that the next report will become available during the first quarter of 2023. As soon as the report is available, we ensure that this is mentioned in the newsletter. We do not have any ‘Bridge letters’ available in  the meantime.

Download report

The full ISAE 3402 Type 2 Assurance report is digitally available for Blue10 customers and can be downloaded here.

The report is only available in Dutch.


If you have any questions about the ISAE 3402 Type 2 Assurance report, please send your questions to compliance@blue10.com.